DRMAccess

1. General Information

First of all, please make sure to read the chapter on General Information for all deegreeTools.

2. Description

This program enables deegree security administration using command-line calls. It should/must be used instead of deegree's drm-admin web application if you want to

  1. define complex rights using constraints expressed as OGC Filter Encoding expressions (e.g. a user is only allowed to perform a GetMap request if the bounding box intersects a defined boundary and the max spatial resolution is less than 10m).

  2. define rights by a batch job

3. Library Dependencies

general libs

  • deegree2.jar
  • log4j-1.2.9.jar
  • jaxen-1.1-beta-8.jar

database specific libs

  • ojdbc14_10g.jar
  • postgresql-8.0-311.jdbc3.jar

4. Usage

Two things are important to note:

  1. Even if you use Postgres, MS SQLServer, HSQLDB etc., the Oracle library is required.
  2. When rights-manipulating actions are performed, the deegree user and rights management API requires administrator authentication. Since the name of the admin is always SEC_ADMIN, only his password must be defined. Because it is assumed that the admin password does not change frequently, it is read from org/deegree/tools/security/sec.properties (contained in deegree2.jar). If you do not use the default password (it is strongly recommended not to use the default and to change the admin password), you must adjust sec.properties.

The program will be invoked as follows (example shows how to define a right with a constraint):

  • java -classpath .;libs/deegree2.jar org.deegree.tools.security.DRMAccess -driver org.postgresql.Driver -logon jdbc:postgresql://hurricane:5432/adv_registry_users -user postgres -pw postgres -action assignRights -constraints -;-;-;csw_getrecords_by.xml -soName ISO19115 -soType MetadataSchema -role MyRole -rights GetRecords,GetRecordById,DescribeRecordType,GetRecords_Response

Common to all operations are the database connection parameters '-driver', '-logon', '-user', '-pw', and the parameter '-action', which defines what to do. The known command-line parameters fall into two groups: general definitions and possible actions.

4.1. general definitions

-driver

  • JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)

-logon

  • logon to database, e.g. jdbc:odbc:security (ODBC name)

-user

  • user name (optional)

-password

  • user's password (optional)

4.2. possible actions

-action

  • defines the action to be performed. Possible actions are: addUser, addGroup, addRole, addUserToGroup, assignRoleWithGroup, addSecuredObject, assignRights, clean

4.2.1. action = addUser

adds a user to the right management

-name

  • user's login name

-password

  • user's password

-firstName

  • the first name of the user

-lastName

  • the last name of the user

-email

  • email address of the user.

4.2.2. action = removeUser

removes a user from the right management

-name

  • user's login name

4.2.3. action = addGroup

adds a group to the right management system

  • -name name of the group
  • -title title of the group

4.2.4. action = removeGroup

removes a group from the right management

-name

  • group's login name

4.2.5. action = addRole

adds a role to the right management system

-name

  • name of the role

4.2.6. action = addUserToGroup

adds a user to a named group

-userName

  • name of the user

-groupName

  • name of the group

4.2.7. action = assignRoleWithGroup

assigns a role to a group

-groupName

  • name of the group

-roleName

  • name of the role

4.2.8. action = addSecuredObject

adds a new secured object to the right management system

-soType

  • type of the secured object (e.g. Layer, FeatureType, Coverage ...)

-soName

  • name of the secured object

-soTitle

  • title of the secured object

4.2.9. action = removeSecuredObject

removes a secured object from the right management system

-soType

  • type of the secured object (e.g. Layer, FeatureType, Coverage ...)

-soName

  • name of the secured object

4.2.10. action = assignRights

assigns rights on a named secured object to a role

-constraints

  • comma separated list of absolute paths to filter encoding files

-rights

  • comma separated list of rights to assign. The number of rights must be equal to the number of constraints

-soName

  • name of the secured object

-soType

  • type of the secured object

-role

  • name of the role the rights shall be given to
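
A pre-flight check for the assignRights call described above, as an added example that is not part of deegree or of the original page: it pairs the -rights and -constraints values by position and reports which rights would end up without a constraint before a batch job runs. Assumptions: the pairing is positional, `-` stands for "no constraint" (as in the invocation example in section 4), both `,` and `;` are accepted as separators because the page shows both, and the names `split_list` and `check_assign_rights` are hypothetical.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

NO_CONSTRAINT = "-"  # assumption: '-' marks a right without a constraint


def split_list(value):
    # ',' is what the parameter description states, ';' is what the page's example uses
    return [item.strip() for item in re.split(r"[;,]", value)]


def check_assign_rights(rights, constraints):
    """Pair rights with constraints by position; return (pairs, problems)."""
    names, refs = split_list(rights), split_list(constraints)
    problems = []
    if len(names) != len(refs):
        problems.append(f"{len(names)} rights but {len(refs)} constraints")
    pairs = list(zip(names, refs))
    for right, ref in pairs:
        if not right or not ref:
            problems.append(f"empty entry in pair ({right!r}, {ref!r})")
        elif ref != NO_CONSTRAINT:
            try:
                root = ET.parse(ref).getroot()
            except (OSError, ET.ParseError) as exc:
                problems.append(f"{right}: cannot read {ref}: {exc}")
                continue
            # a Filter Encoding document has a root element named Filter
            if root.tag.rsplit("}", 1)[-1] != "Filter":
                problems.append(f"{right}: {ref} root is not a Filter element")
    return pairs, problems


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # constructed sample constraint file, not one shipped with deegree
        fe = Path(tmp) / "csw_getrecords_by.xml"
        fe.write_text('<ogc:Filter xmlns:ogc="http://www.opengis.net/ogc"/>')
        pairs, problems = check_assign_rights(
            "GetRecords,GetRecordById,DescribeRecordType,GetRecords_Response",
            f"-;-;-;{fe}",
        )
        for right, ref in pairs:
            print(f"{right:22} {'UNCONSTRAINED' if ref == NO_CONSTRAINT else ref}")
        print(problems or "ok")
```
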

4.2.11. action = removeRights

removes rights on a named secured object from a role

-rights

  • comma separated list of rights to remove.

-soName

  • name of the secured object

-soType

  • type of the secured object

-role

  • name of the role the rights shall be removed from

4.2.12. action = clean

cleans the complete right management system database by deleting all entries!

